package org.app.Utils;

import jakarta.annotation.Resource;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;
import org.app.Service.IAuthService;

import java.util.Set;

public class CheckAuthorization {
    @Resource
    private static IAuthService authService;

    public static void checkAuthorization(String c_id, String group_id) {

        // 获取用户权限和角色
//        Set<String> permsSet = authService.getUserPermissions(c_id);
        Set<String> rolesSet = authService.getUserRoles(c_id, group_id);

        // 检查是否有角色
        if (rolesSet == null || rolesSet.isEmpty()) {
            throw new AuthorizationException("该用户在指定群组中无角色");
        }

        // 获取当前Subject
        Subject subject = SecurityUtils.getSubject();

        // 检查用户是否具有指定角色
        for (String role : rolesSet) {
            if (!subject.hasRole(role)) {
                throw new AuthorizationException("该用户在指定群组中没有角色: " + role);
            }
        }

//        // 检查用户是否具有指定权限
//        for (String permission : permsSet) {
//            if (!subject.isPermitted(permission)) {
//                throw new AuthorizationException("该用户在指定群组中没有权限: " + permission);
//            }
//        }
//
//        // 如果所有检查通过，说明用户有足够的权限
//        System.out.println("授权检查通过");
    }
}
